github.com/mtsmfm/go/src@v0.0.0-20221020090648-44bdcb9f8fde/crypto/x509/internal/macos/security.go (about)
// Copyright 2020 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build darwin

// Package macOS is a thin binding to the parts of Apple's Security.framework
// that the x509 package uses for system trust evaluation. It does not use
// cgo: each framework symbol is pulled in at dynamic-link time through a
// cgo_import_dynamic directive and called via an assembly trampoline.
package macOS

import (
	"errors"
	"fmt"
	"internal/abi"
	"strconv"
	"unsafe"
)

// Security.framework linker flags for the external linker. See Issue 42459.
//
//go:cgo_ldflag "-framework"
//go:cgo_ldflag "Security"

// Based on https://opensource.apple.com/source/Security/Security-59306.41.2/base/Security.h

// SecTrustSettingsResult mirrors the C enum of the same name: the effect a
// user/admin trust-settings entry assigns to a certificate. The iota order
// must stay identical to the C definition, because the numeric values are
// compared against what Security.framework hands back.
type SecTrustSettingsResult int32

const (
	SecTrustSettingsResultInvalid SecTrustSettingsResult = iota
	SecTrustSettingsResultTrustRoot
	SecTrustSettingsResultTrustAsRoot
	SecTrustSettingsResultDeny
	SecTrustSettingsResultUnspecified
)

// SecTrustResultType mirrors the C enum of the same name: the outcome of a
// trust evaluation as written by SecTrustEvaluate (see below, where it is
// returned through a CFRef). Only Proceed and Unspecified denote a trusted
// chain; Deny and the *Failure values are successful calls that must still be
// treated as "not trusted" by the caller.
type SecTrustResultType int32

const (
	SecTrustResultInvalid SecTrustResultType = iota
	SecTrustResultProceed
	SecTrustResultConfirm // deprecated
	SecTrustResultDeny
	SecTrustResultUnspecified
	SecTrustResultRecoverableTrustFailure
	SecTrustResultFatalTrustFailure
	SecTrustResultOtherError
)

// SecTrustSettingsDomain mirrors the C enum of the same name and selects which
// trust-settings store (user, admin, or system) the SecTrustSettings* wrappers
// below consult.
type SecTrustSettingsDomain int32

const (
	SecTrustSettingsDomainUser SecTrustSettingsDomain = iota
	SecTrustSettingsDomainAdmin
	SecTrustSettingsDomainSystem
)

// OSStatus is the error returned by the wrappers in this file when a
// Security.framework call reports a non-zero status. call names the failing
// framework function and status carries the raw 32-bit OSStatus code.
//
// Note that wrappers for functions that return a reference rather than a
// status (e.g. SecPolicyCreateSSL) reuse this type for a NULL result, in which
// case status is 0; a zero status therefore does not imply success.
type OSStatus struct {
	call string
	status int32
}

// Error formats the status as "<call> error: <status>", e.g.
// "SecTrustEvaluate error: -25300".
func (s OSStatus) Error() string {
	return s.call + " error: " + strconv.Itoa(int(s.status))
}

// Dictionary keys are defined as build-time strings with CFSTR, but the Go
// linker's internal linking mode can't handle CFSTR relocations. Create our
// own dynamic strings instead and just never release them.
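//
// Note that this might be the only thing that can break over time if
// these values change, as the ABI arguably requires using the strings
// pointed to by the symbols, not values that happen to be equal to them.

// CFString constants created once at package init and intentionally never
// released (see above). The kSecTrustSettings* entries are dictionary keys —
// presumably for the trust-settings dictionaries returned by
// SecTrustSettingsCopyTrustSettings; the lookups themselves live in the
// caller. SecPolicyAppleSSL is the OID string identifying Apple's SSL policy.
var SecTrustSettingsResultKey = StringToCFString("kSecTrustSettingsResult")
var SecTrustSettingsPolicy = StringToCFString("kSecTrustSettingsPolicy")
var SecTrustSettingsPolicyString = StringToCFString("kSecTrustSettingsPolicyString")
var SecPolicyOid = StringToCFString("SecPolicyOid")
var SecPolicyAppleSSL = StringToCFString("1.2.840.113635.100.1.3") // defined by POLICYMACRO

// ErrNoTrustSettings is returned by the SecTrustSettings* wrappers below when
// Security.framework reports that there are simply no trust settings for the
// requested domain or certificate. Callers can compare against it to treat
// "nothing configured" differently from a genuine failure.
var ErrNoTrustSettings = errors.New("no trust settings found")

// errSecNoTrustSettings is the OSStatus Security.framework returns when a
// trust-settings domain holds no entries.
const errSecNoTrustSettings = -25263

// The x509_*_trampoline functions declared without a body throughout this
// file are implemented in assembly in this package; each one jumps to the
// framework symbol named by the cgo_import_dynamic directive above its
// wrapper. syscall (defined elsewhere in this package) performs the actual
// call and returns the raw return register as a uintptr.

//go:cgo_import_dynamic x509_SecTrustSettingsCopyCertificates SecTrustSettingsCopyCertificates "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustSettingsCopyCertificates returns the array of certificates that
// have trust settings in domain. Per the CoreFoundation Create/Copy rule the
// caller owns the returned reference and must release it.
//
// errSecNoTrustSettings is mapped to ErrNoTrustSettings; any other non-zero
// status is reported as an OSStatus error.
func SecTrustSettingsCopyCertificates(domain SecTrustSettingsDomain) (certArray CFRef, err error) {
	ret := syscall(abi.FuncPCABI0(x509_SecTrustSettingsCopyCertificates_trampoline), uintptr(domain),
		uintptr(unsafe.Pointer(&certArray)), 0, 0, 0, 0)
	// OSStatus is a signed 32-bit value. Compare the truncated register, as
	// every other wrapper in this file does, so the error check never depends
	// on the upper bits of the raw uintptr being clean.
	if int32(ret) == errSecNoTrustSettings {
		return 0, ErrNoTrustSettings
	} else if int32(ret) != 0 {
		return 0, OSStatus{"SecTrustSettingsCopyCertificates", int32(ret)}
	}
	return certArray, nil
}
func x509_SecTrustSettingsCopyCertificates_trampoline()

// errSecItemNotFound is the OSStatus Security.framework returns when the
// requested item — here, trust settings for a given certificate — does not
// exist.
const errSecItemNotFound = -25300

//go:cgo_import_dynamic x509_SecTrustSettingsCopyTrustSettings SecTrustSettingsCopyTrustSettings "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustSettingsCopyTrustSettings returns the trust settings recorded for
// cert in domain. Per the CoreFoundation Create/Copy rule the caller owns the
// returned reference and must release it.
//
// errSecItemNotFound is mapped to ErrNoTrustSettings so that "this
// certificate has no settings in this domain" is distinguishable from a
// failure; any other non-zero status is reported as an OSStatus error.
func SecTrustSettingsCopyTrustSettings(cert CFRef, domain SecTrustSettingsDomain) (trustSettings CFRef, err error) {
	ret := syscall(abi.FuncPCABI0(x509_SecTrustSettingsCopyTrustSettings_trampoline), uintptr(cert), uintptr(domain),
		uintptr(unsafe.Pointer(&trustSettings)), 0, 0, 0)
	// Compare the truncated int32 status, consistent with the other wrappers
	// (see SecTrustSettingsCopyCertificates).
	if int32(ret) == errSecItemNotFound {
		return 0, ErrNoTrustSettings
	} else if int32(ret) != 0 {
		return 0, OSStatus{"SecTrustSettingsCopyTrustSettings", int32(ret)}
	}
	return trustSettings, nil
}
func x509_SecTrustSettingsCopyTrustSettings_trampoline()

//go:cgo_import_dynamic x509_SecTrustCreateWithCertificates SecTrustCreateWithCertificates "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustCreateWithCertificates builds a trust object from certs, to be
// evaluated against policies. Both arguments are references the caller
// created (the framework API expects CFArrays: the leaf first, then any
// intermediates, and an array of policies respectively). The returned trust
// object is owned by the caller (Create rule) and must be released. A
// non-zero status is reported as an OSStatus error.
func SecTrustCreateWithCertificates(certs CFRef, policies CFRef) (CFRef, error) {
	var trustObj CFRef
	ret := syscall(abi.FuncPCABI0(x509_SecTrustCreateWithCertificates_trampoline), uintptr(certs), uintptr(policies),
		uintptr(unsafe.Pointer(&trustObj)), 0, 0, 0)
	if int32(ret) != 0 {
		return 0, OSStatus{"SecTrustCreateWithCertificates", int32(ret)}
	}
	return trustObj, nil
}
func x509_SecTrustCreateWithCertificates_trampoline()

//go:cgo_import_dynamic x509_SecCertificateCreateWithData SecCertificateCreateWithData "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecCertificateCreateWithData wraps the DER-encoded certificate b in a
// SecCertificate object. The temporary CFData built from b is released
// before returning; the certificate object is owned by the caller (Create
// rule) and must be released.
//
// Security.framework returns NULL when b is not a valid DER-encoded X.509
// certificate; that is surfaced as an error rather than a zero CFRef.
func SecCertificateCreateWithData(b []byte) (CFRef, error) {
	data := BytesToCFData(b)
	defer CFRelease(data)
	ret := syscall(abi.FuncPCABI0(x509_SecCertificateCreateWithData_trampoline), kCFAllocatorDefault, uintptr(data), 0, 0, 0, 0)
	// Returns NULL if the data passed in the data parameter is not a valid
	// DER-encoded X.509 certificate.
	if ret == 0 {
		return 0, errors.New("SecCertificateCreateWithData: invalid certificate")
	}
	return CFRef(ret), nil
}
func x509_SecCertificateCreateWithData_trampoline()

//go:cgo_import_dynamic x509_SecPolicyCreateSSL SecPolicyCreateSSL "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecPolicyCreateSSL creates the TLS policy a trust evaluation is checked
// against. The first argument (1 == true) asks for server-certificate
// semantics. If name is non-empty it is passed as the hostname the chain
// must be valid for; the temporary CFString is released after the call.
//
// Security note: when name is "" a NULL hostname is passed and, per the
// framework's documented behaviour, the policy then performs no hostname
// matching at all. Callers that know the expected DNS name must pass it.
//
// A NULL return is reported as an OSStatus error; its status field is 0
// because this function returns a reference, not a status code. The policy
// object is owned by the caller (Create rule) and must be released.
func SecPolicyCreateSSL(name string) (CFRef, error) {
	var hostname CFString
	if name != "" {
		hostname = StringToCFString(name)
		defer CFRelease(CFRef(hostname))
	}
	ret := syscall(abi.FuncPCABI0(x509_SecPolicyCreateSSL_trampoline), 1 /* true */, uintptr(hostname), 0, 0, 0, 0)
	if ret == 0 {
		return 0, OSStatus{"SecPolicyCreateSSL", int32(ret)}
	}
	return CFRef(ret), nil
}
func x509_SecPolicyCreateSSL_trampoline()

//go:cgo_import_dynamic x509_SecTrustSetVerifyDate SecTrustSetVerifyDate "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustSetVerifyDate fixes the point in time at which trustObj is
// evaluated (validity periods and the like) — presumably the current clock
// is used when it is never called. dateRef is a CFDate owned by the caller.
// A non-zero status is reported as an OSStatus error.
func SecTrustSetVerifyDate(trustObj CFRef, dateRef CFRef) error {
	ret := syscall(abi.FuncPCABI0(x509_SecTrustSetVerifyDate_trampoline), uintptr(trustObj), uintptr(dateRef), 0, 0, 0, 0)
	if int32(ret) != 0 {
		return OSStatus{"SecTrustSetVerifyDate", int32(ret)}
	}
	return nil
}
func x509_SecTrustSetVerifyDate_trampoline()

//go:cgo_import_dynamic x509_SecTrustEvaluate SecTrustEvaluate "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustEvaluate runs the older, status-returning trust evaluation on
// trustObj (see SecTrustEvaluateWithError for the newer form). The value it
// returns is the SecTrustResultType enum the framework wrote into result,
// carried in a CFRef: it is a plain integer, not an object reference, and
// must not be released.
//
// Security note: only a non-zero OSStatus is reported as an error. A result
// of SecTrustResultDeny or one of the *Failure values is a successful call
// and is returned as-is — the caller is responsible for checking it.
func SecTrustEvaluate(trustObj CFRef) (CFRef, error) {
	var result CFRef
	ret := syscall(abi.FuncPCABI0(x509_SecTrustEvaluate_trampoline), uintptr(trustObj), uintptr(unsafe.Pointer(&result)), 0, 0, 0, 0)
	if int32(ret) != 0 {
		return 0, OSStatus{"SecTrustEvaluate", int32(ret)}
	}
	return CFRef(result), nil
}
func x509_SecTrustEvaluate_trampoline()

//go:cgo_import_dynamic x509_SecTrustGetResult SecTrustGetResult "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustGetResult returns the certificate chain and per-certificate
// evidence info the framework built for trustObj during evaluation. A
// non-zero status is reported as an OSStatus error.
//
// Caveat: the C function also writes a SecTrustResultType through its second
// argument. This wrapper passes the address of its own copy of result, so
// whatever the framework writes there is discarded and the caller's value is
// never updated; only chain and info come back. Ownership of chain and info
// is not established here — confirm against the framework documentation
// before releasing either.
func SecTrustGetResult(trustObj CFRef, result CFRef) (CFRef, CFRef, error) {
	var chain, info CFRef
	ret := syscall(abi.FuncPCABI0(x509_SecTrustGetResult_trampoline), uintptr(trustObj), uintptr(unsafe.Pointer(&result)),
		uintptr(unsafe.Pointer(&chain)), uintptr(unsafe.Pointer(&info)), 0, 0)
	if int32(ret) != 0 {
		return 0, 0, OSStatus{"SecTrustGetResult", int32(ret)}
	}
	return chain, info, nil
}
func x509_SecTrustGetResult_trampoline()

//go:cgo_import_dynamic x509_SecTrustEvaluateWithError SecTrustEvaluateWithError "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustEvaluateWithError evaluates trustObj against its policies and
// returns nil only if the framework reports the chain as trusted.
//
// The framework returns a Boolean; anything other than an exact true (1) is
// treated as failure, so the wrapper fails closed. On failure the CFError's
// description is wrapped into an "x509: ..." error and both the CFError and
// the description string are released. Only the text is surfaced — the
// CFError code is not — so callers cannot distinguish failure reasons
// programmatically.
//
// Assumes Security.framework always populates errRef when it returns false
// (its documented behaviour); CFErrorCopyDescription on a NULL reference
// would crash.
func SecTrustEvaluateWithError(trustObj CFRef) error {
	var errRef CFRef
	ret := syscall(abi.FuncPCABI0(x509_SecTrustEvaluateWithError_trampoline), uintptr(trustObj), uintptr(unsafe.Pointer(&errRef)), 0, 0, 0, 0)
	if int32(ret) != 1 {
		errStr := CFErrorCopyDescription(errRef)
		err := fmt.Errorf("x509: %s", CFStringToString(errStr))
		CFRelease(errRef)
		CFRelease(errStr)
		return err
	}
	return nil
}
func x509_SecTrustEvaluateWithError_trampoline()

//go:cgo_import_dynamic x509_SecTrustGetCertificateCount SecTrustGetCertificateCount "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustGetCertificateCount returns the number of certificates in the chain
// the framework built for trustObj (meaningful once it has been evaluated).
// The C function returns a CFIndex and has no failure status, so nothing is
// reported as an error.
func SecTrustGetCertificateCount(trustObj CFRef) int {
	ret := syscall(abi.FuncPCABI0(x509_SecTrustGetCertificateCount_trampoline), uintptr(trustObj), 0, 0, 0, 0, 0)
	return int(ret)
}
func x509_SecTrustGetCertificateCount_trampoline()

//go:cgo_import_dynamic x509_SecTrustGetCertificateAtIndex SecTrustGetCertificateAtIndex "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustGetCertificateAtIndex returns the i'th certificate (0-based) of the
// chain built for trustObj. Per the CoreFoundation Get rule the reference is
// owned by trustObj: do not release it, and do not use it after trustObj has
// been released.
//
// A NULL return (presumably i out of range) is reported as an OSStatus
// error; its status field is 0 because this function returns a reference,
// not a status code.
func SecTrustGetCertificateAtIndex(trustObj CFRef, i int) (CFRef, error) {
	ret := syscall(abi.FuncPCABI0(x509_SecTrustGetCertificateAtIndex_trampoline), uintptr(trustObj), uintptr(i), 0, 0, 0, 0)
	if ret == 0 {
		return 0, OSStatus{"SecTrustGetCertificateAtIndex", int32(ret)}
	}
	return CFRef(ret), nil
}
func x509_SecTrustGetCertificateAtIndex_trampoline()

//go:cgo_import_dynamic x509_SecCertificateCopyData SecCertificateCopyData "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecCertificateCopyData returns the DER encoding of cert as a Go slice. The
// CFData the framework hands back is released immediately after conversion,
// so this relies on CFDataToSlice (defined elsewhere in this package)
// returning an owned copy rather than a view of the CFData's buffer. A NULL
// return is reported as an error.
func SecCertificateCopyData(cert CFRef) ([]byte, error) {
	ret := syscall(abi.FuncPCABI0(x509_SecCertificateCopyData_trampoline), uintptr(cert), 0, 0, 0, 0, 0)
	if ret == 0 {
		return nil, errors.New("x509: invalid certificate object")
	}
	b := CFDataToSlice(CFRef(ret))
	CFRelease(CFRef(ret))
	return b, nil
}
func x509_SecCertificateCopyData_trampoline()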